Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

I spent some time writing billing data analysis by candlelight. This, of itself, is not unusual in a developing country (where I lived at the time). But since the client was the electricity company and it was their data being analysed, the irony was not lost on my client who insisted that I never mention this fact to anyone... Well, that's all over now!

I don't know a single person - literally not even one - who still uses local mail.

Well now you do - consider the many, many people (such as myself) who are frequently offline or in places where internet connectivity is limited, intermittent and very expensive. Offline email is not an option for me - it's a way of life.

Anthony_Cargile writes "Everyone thinks of Google Plus as a social networking website competing with Facebook, but that is no longer the case — even Google recognizes its failure in that regard. But in a meeting with Sergey Brin and Larry Page shortly before his death, Steve Jobs gave key advice as to what direction to take their company with regards to Google Plus, as is evidenced by their controversial new 'umbrella' privacy policy that went in effect this year. Privacy advocates beware, as the problem is almost certainly worse than ever anticipated."

(1) Net Centric Diplomacy databaseAppears to have been trivially downloadable. Manning used Wget to automate the capture of cables from this database. Manning had access to secure networks (SIPRNet) and it was this, rather than any technical expertise, that allowed him to pull all the cables.It seems as if the Net Centric Diplomacy database and its interface (presumably a web front end) lacked any functionality to inhibit automated / bulk downloads, to track or log downloads or to alert operators to suspicious or anomalous patterns of access.

Contrast this with the logging that was available in IntelLink (the SIPRnet internal search engine) that helped link incriminating keywords (Assange, Wikileaks etc) to the IP address assigned to Manning's computer. The defense cannot refute that, while they may be able to undermine the (very poorly gathered) computer forensics from Manning's computer.

(2) Microsoft Share Point serverAppears, also, to have been wide open to anyone on SIPRnet and to have permitted automated (scripted) bulk downloading of files. And, like (1), appears to have lacked any functionality to alert operators to suspicious behaviour.

Contrast this, also, with the logging that was available in IntelLink.

(3) Manning is no expertFirst, he used the same password for both his operating system (presumably, his Windows username/password) as for his encryption. Second, he claims to have "zero-filled" his hard disk but had not done so. Third, he used his own computer for the IntelLink searches thereby leaving a trail of evidence.

(4) Lack of expertise seems quite widespread...The computer environment at the FOB where Manning worked was risible. In testimony, an officer described how "soldiers would store movies and music in their shared drive on the SIPRnet. The shared drive, called the “T Drive” by soldiers, was about 11 terabytes in size, and was accessible to all users on SIPRnet who were given permission to access it, in order to store data that they could access from any classified computer." In other words, in practise, no distinction between storage for movies and music and the storage for classified materials. While the officer told soldiers not to use it for music and movies (and used to delete same as well as reporting the abuse), the practise was prevalent. And despite the 11 terabytes (that is 11 thousand Gigabytes) available for music and movies, this officer cites lack of storage as the reason that some logs (that may have contained evidence) were not maintained. This officer, Capt. Thomas Cherepko, received a "letter of admonishment" for the lax enviroment at this base.

Has the buck stopped at the Captain? I believe that points 1, 2 and 3 suggest a culture of information security so poor as to merit serious enquiry in its own right. Manning probably did break several laws in gathering and communicating the cables to WikiLeaks and, if convicted, must face the music. But the ease with which he did this ought to be cause for far more concern than we are seeing in the media. The US Army appears to be throwing Manning under a bus, but only a slap on the wrist for Cherepko. That is unjust. Lets see how this unfolds...

Demerara writes "http://www.canyoucrackit.co.uk/ CanYouCrackIt is an array of numbers and a prompt to enter a keyword. The numbers are displayed graphically so you have to manually transcribe (or else do OCR with blue-on-black text) to another application for automated analysis.BBC reporting (here: http://www.bbc.co.uk/news/technology-15968878 ) that the people behind the Can You Crack It website are the UK's GCHQ (one of the UK intelligence agencies) and that they're hiring!So, let's see if the Slashdot effect holds...;-)"Link to Original Source

A reporter from The New York Times, an American of Norwegian rather than Afghan extraction, voluntarily submitted to a test screening with the B.A.T. system. After his fingerprints and iris scans were entered into the B.A.T.’s armored laptop, an unexpected “hit” popped up on the screen, along with the photograph of a heavily bearded Afghan.

The “hit” identified the reporter as “Haji Daro Shar Mohammed,” who is on terrorist Watch List 4, with this note: “Deny Access, Do Not Hire, Subject Poses a Threat.”

Hilarious, until this "hit" is used to trigger a missile strike on your house. this example illustrates why outputs of biometric comparisons should be human-adjudicated when anything other than a parking-space is at question.

Google has released two phones ever, both of which are easily rootable.

Easily by the average/. reader - but I suspect that HTC would like to see that bar lowered significantly. I imagine that a hardware vendor (HTC, for example, but it could be anyone) wanting to put a serious hand-held device into an enterprise environment would like to make it simple to cut the umbilical chord to Google.

Or just to offer power users more options to rid themselves of the constant sucking noise of Google (and Facebook and Yelp and the rest of the bottom-feeders) eavesdropping on our every action, thought, movement.